package com.xjlsoft.weather.config;

import com.xjlsoft.weather.entity.User;
import com.xjlsoft.weather.mapper.PermissionMapper;
import com.xjlsoft.weather.mapper.RoleMapper;
import com.xjlsoft.weather.mapper.UserMapper;
import com.xjlsoft.weather.po.JWTToken;
import com.xjlsoft.weather.util.PasswordEncrypt;
import com.xjlsoft.weather.util.TokenUtil;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.Set;

/**
 * @ Program       :  com.ljnt.blog.config.CustomRealm
 * @ Description   :  自定义Realm，实现Shiro认证
 * @ Author        :  lj
 * @ CreateDate    :  2020-2-4 18:15
 */
@Component
public class CustomRealm extends AuthorizingRealm {
	
	@Autowired
	private UserMapper usermapper;
	
	@Autowired
	private RoleMapper roleMapper;
	
	@Autowired
	private PermissionMapper permissionMapper;

    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }

    /**
     * 用户授权
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("用户授权");
        String username=TokenUtil.getAccount(principalCollection.toString());
        
        
        Set<String> setPers=permissionMapper.getPermissionByAccount(username);
        Set<String> setRoles=roleMapper.getRoleByAccount(username);
        
        SimpleAuthorizationInfo info= new SimpleAuthorizationInfo();
        info.setRoles(setRoles);
        info.setStringPermissions(setPers);
        //正确的业务流程是到数据库拿该用户的权限再去进行授权的，这里只是简单的直接授权
       
        return info;
    }

    /**
     * 用户身份认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("============身份认证");
        String token= (String) authenticationToken.getCredentials();
        String account= TokenUtil.getAccount(token);
        String password= TokenUtil.getPassword(token);
        String passwordEncryption=PasswordEncrypt.encryptPassword(password);
        
        System.out.println(account);
        
    	User user=usermapper.getUserByAccount(account);
        //这里要去数据库查找是否存在该用户，这里直接放行
        if (user==null){
            throw new AuthenticationException("认证失败！ 用户名称不存在");
        }else{
        	if(user.getStatus().equals("0")){
        		throw new LockedAccountException("账户已被锁定");
        	}
        	if(!user.getPassword().equals(passwordEncryption)){
        		throw new AuthenticationException("认证失败！ 密码错误");
        		
        	}
        }
        return new SimpleAuthenticationInfo(token,token,"MyRealm");
    }
}
